[3.3] postgresql: Multiple vulnerabilities (CVE-2017-12172, CVE-2017-15098, CVE-2017-15099)
CVE-2017-12172: Start scripts permit database administrator to
modify root-owned files
CVE-2017-15098: Memory disclosure in JSON functions
CVE-2017-15099: INSERT … ON CONFLICT DO UPDATE fails to enforce
SELECT privileges
Fixed In:
postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql 9.5.10, postgresql 9.6.6, postgresql 10.1
References:
https://www.postgresql.org/about/news/1801/
(from redmine: issue id 8156, created on 2017-11-16, closed on 2017-11-22)
- Relations:
- parent #8152 (closed)